[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: /proc filesystem allows bypassing directory permissions on Linux

To: Matthew Dempsky <matthew@xxxxxxxxxxx>
Subject: Re: /proc filesystem allows bypassing directory permissions on Linux
From: Tony Finch <dot@xxxxxxxx>
Date: Tue, 27 Oct 2009 11:29:44 +0000

On Mon, 26 Oct 2009, Matthew Dempsky wrote:
> On Mon, Oct 26, 2009 at 9:01 AM, Tony Finch <dot@xxxxxxxx> wrote:
> >
> > Attacker uses openat() to open and modify the "private" file.
>
> At least with Linux 2.6.18, you still need +x permission on the
> directory to access its contents using openat(2).

According to POSIX, if you open the directory with O_SEARCH then openat()
does not re-check search (+x) permissions.

Tony.
-- 
f.anthony.n.finch  <dot@xxxxxxxx>  http://dotat.at/
GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS.
MODERATE OR GOOD.

Follow-Ups:
- Re: /proc filesystem allows bypassing directory permissions on Linux
  - From: Matthew Dempsky
- Re: /proc filesystem allows bypassing directory permissions on Linux
  - From: psz

References:
- /proc filesystem allows bypassing directory permissions on Linux
  - From: Pavel Machek
- Re: /proc filesystem allows bypassing directory permissions on Linux
  - From: Tony Finch
- Re: /proc filesystem allows bypassing directory permissions on Linux
  - From: Matthew Dempsky

Prev by Date: Re: /proc filesystem allows bypassing directory permissions on Linux
Next by Date: Re: /proc filesystem allows bypassing directory permissions on Linux
Previous by thread: Re: /proc filesystem allows bypassing directory permissions on Linux
Next by thread: Re: /proc filesystem allows bypassing directory permissions on Linux
Index(es):
- Date
- Thread